Publications

Explore our publication library for in-depth analysis, detailed research, and our perspective on managing Risk holistically across your organization from IT project assurance, to making the Internal Audit function more efficient; from managing compliance and regulatory burdens to identifying and managing the risk in your supply chain.

Fortified for success
Building your company’s risk, controls and compliance ecosystem, for the IPO and beyond
Going public is a transformational event that pushes company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company’s critical risks and controls, both pre-and-post IPO.

Metrics by design
A practical approach to measuring internal audit performance
As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Managing the Shadow Cloud
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.

EU Data Protection Reforms
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

State of Compliance Survey, 2014
Today’s Chief Compliance Officers (CCOs) face more responsibility than ever, but also an opportunity to play a more strategic role in their organizations and become vital members of the C-suite, according to the findings from PwC's 4th Annual State of Compliance Survey.

Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.

Fortified for success
Building your company’s risk, controls and compliance ecosystem, for the IPO and beyond
Going public is a transformational event that pushes company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company’s critical risks and controls, both pre-and-post IPO.

A Guide to Cloud Audits: Internal Audit’s role in balancing risk and reward in the cloud
Who safeguards company data in the cloud and manages the associated risks? Who is responsible for monitoring changes in the risk profile of a company’s cloud position? The movement to cloud presents a new host of concerns ranging from privacy and reliability, to resiliency. As organizations transform and dive deeper into the cloud environment, Internal Audit will be pivotal in guiding through the change.

Metrics by design
A practical approach to measuring internal audit performance
As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

The Internal Audit Analytics Conundrum—Finding your path through data
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

What is Internal Audit's role in transformational change?
Internal Audit has a role in transformational change programs. This includes collaboration with other assurance providers within the organization to ensure positive outcomes. This whitepaper highlights six suggestions for Internal Audit involvement that are designed to help them plan their role.

IA and the cloud
Companies are adopting cloud computing. The economics are too compelling to ignore: standardized IT processes at reduced costs can free up IT resources to focus on differentiating the business. Yet risk is elevated because a broad cloud implementation requires changes in processes, people, and systems.

SOC 2 and 3: Building customer trust through controls reporting
Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors’ operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust
The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. The result is increased pressure on service providers to provide greater transparency over their controls, so that their customers’ have assurance over their vendor’s operations. PwC’s Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

A Guide to Cloud Audits: Internal Audit’s role in balancing risk and reward in the cloud
Who safeguards company data in the cloud and manages the associated risks? Who is responsible for monitoring changes in the risk profile of a company’s cloud position? The movement to cloud presents a new host of concerns ranging from privacy and reliability, to resiliency. As organizations transform and dive deeper into the cloud environment, Internal Audit will be pivotal in guiding through the change.

Rethinking media auditing and benchmarking pools
Knowing how your advertising spend compares to that of your competitors is an important benchmark that allows you to save money; and using media auditing and benchmarking pools is the definitive way to do this. Or is it? It’s time to question the value of these pools.

Managing the Shadow Cloud
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.

EU Data Protection Reforms
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

10Minutes on data privacy
Are business leaders looking at the glass half empty? By considering only what privacy safeguards can prevent—customer loss, brand damage, fines, litigation—they miss out on what the right strategy can enable. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses take the lead on data privacy by building customer trust and enhancing their brand.

2013 Data Privacy Survey
PwC's 2013 survey of privacy professionals across the United States includes 370 respondents at the board of directors level responsible for oversight of privacy programs, as well as practitioners involved in day-to-day privacy operations.

Trust but verify
This slogan was used during the Cold War to describe the basis for transparency in political relationships. Today, the term can be used to describe a strategy for narrowing the "trust gap" not between nations, but between companies and stakeholders.

Taking control of FATCA
Most organizations implementing FATCA are currently focused on addressing core requirements around due diligence, withholding and reporting. However, leading organizations are simultaneously working to address governance, compliance and controls frameworks.

Protecting your brand in the cloud: Transparency and trust through enhanced reporting
Cloud computing is becoming a foundation for benefits well beyond IT cost savings. Yet, many business leaders are concerned about how they will address the issues that surface in every conversation about the cloud: security, privacy, availability, and data protection. Faced with the risk of a potential threat to their brand, companies need transparency into how well cloud providers' environments address concerns.

The CMO’s role in privacy: Are your marketing programs affecting your brand?
Organizations often use customer information collected online to understand and effectively target consumers. This process requires not only the attention of the chief privacy officer, but also the chief marketing officer. Almost daily, news headlines underscore the importance of this with data breaches becoming commonplace. For consumers to provide complete and accurate information, they must know they can trust your organization.

Streamlining and Aligning Your Control Processes For Stronger Growth and Lower Costs
Regulatory pressures for businesses are intensifying, and compliance costs are rising, while resources remain scarce. Data is expanding exponentially in both volume and diversity. Organizations that move into developing markets face additional challenges. In this environment, companies must transform control and compliance management from burdensome, labor-intensive tasks into streamlined processes that support growth, add business value, and lower costs. To stay ahead of regulatory pressures, organizations should integrate compliance tools with back-end systems and use leading practices to streamline and automate control processes for continuous, realtime management of internal controls.

Goods gone bad: Addressing money-laundering risk in the trade finance system
Money launderers and terrorist financiers have increasingly turned to global trade as a venue for moving illicit funds across borders and integrating them into the formal economy. Though the underlying techniques of most of these trade-based money laundering (TBML) schemes are relatively simple, they are difficult to detect because they are layered within the mass of legitimate payments. To stay ahead of regulatory pressures and mitigate the real risks that TBML poses, financial institutions and trade organizations need to begin developing analytics-focused AML procedures and monitoring capabilities designed specifically to detect TBML methodologies.

Why you should adopt the NIST Cybersecurity Framework
The NIST Cybersecurity Framework, which was drafted by the Commerce Department’s National Institute of Standards and Technology (NIST), yields no surprises for critical infrastructure executives who have followed its development. The Framework represents a tipping point in the evolution of cybersecurity, one in which the balance is shifting to proactive risk-management standards. While the Framework is voluntary, organizations across industries may gain significant benefits by adopting the guidelines. This paper outlines the primary components of the NIST Cybersecurity Framework as well as the pros and cons for early adopters.

2015 Global Information Security Survey
The Global State of Information Security® Survey, an annual, worldwide study by PwC, CIO magazine, and CSO magazine, aims to inform and stimulate the debate on how businesses are facing today’s security challenges.

Virtual currencies: Out of the deep web, into the light
Bitcoin and other virtual currencies have reached the point of broad influence, with the potential to tip over into full mainstream acceptance. But the potential for money laundering, large-scale theft, terrorist financing, and other illicit uses has regulators concerned. Financial services firms can play a critical role in the integration of virtual currencies through the implementation of anti-money laundering procedures and controls, including transaction monitoring and know-your-customer protocols.

Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. Respondents brought perspectives from five broad organizational sectors: financial services; healthcare; consumer and industrial products and services (CIPS); technology, information, communications, and entertainment (TICE); and government and the public sector. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.

Three quick wins for an analytics driven compliance testing function
This paper provides insight into a “three lines of defense” (3LoD) model for risk management; AML scenario coverage assessment, input data validation for AML surveillance models, and issue reporting and analysis. The three quick wins identified in this paper can help organizations facilitate the move toward an analytics driven BSA/AML compliance testing function and help build early momentum for a long-term, sustainable strategy.

The data conundrum: Finding your path with data analytics
Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

Global risk in the transformation age
Companies are reconsidering their risk thinking and approaches, but they’re also transforming to align with changing market imperatives—and in the process, exposing themselves to multi-directional risks.

SAP implementation and controls study
To understand organizational awareness of risk and internal control considerations during an SAP system implementation or upgrade and their subsequent impact on control and compliance efforts, PwC conducted an SAP controls study. This paper highlights several themes and trends that were apparent.

Empower loss prevention with strategic data analytics
Retailers are realizing that the strategic management of risk and the reduction of shrink can have substantial impact on both profitability and customer satisfaction. Savvy retailers are using data analytics to add value to their loss prevention and risk management programs. This paper outlines key ways retailers are building successful enterprise-wide loss prevention programs that apply data and analytics.

State of Compliance Survey, 2014
Today’s Chief Compliance Officers (CCOs) face more responsibility than ever, but also an opportunity to play a more strategic role in their organizations and become vital members of the C-suite, according to the findings from PwC's 4th Annual State of Compliance Survey.

Business continuity beyond company walls:
When a crisis hits, will your vendors’ resiliency match your own?
Reliance on third parties is substantial and continues to gain momentum. Companies are increasingly migrating core and strategic functions to external providers with the objectives of improving efficiency, accelerating growth, and enabling operational transformation. This whitepaper highlights the journey to an integrated, responsive, and proactive business continuity management program that extends beyond your company's walls.

Risk in Review 2014: Re-evaluating how your company addresses risk
PwC conducted its third annual risk survey in the fall of 2013, polling 1,940 executives across 37 countries to seek a detailed picture of the state of risk in today’s business climate. Respondents brought perspectives from five broad organizational sectors: financial services; healthcare; consumer and industrial products and services (CIPS); technology, information, communications, and entertainment (TICE); and government and the public sector. This study presents key findings and insights from that survey, as well as from a series of related, in-depth executive interviews.

10Minutes on conflict minerals
10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare.

ISO 22301, Societal Security
ISO 22301 is the first international business continuity management (BCM) standard and will likely become the de facto standard for the global business community. This article provides an overview of the standard, its affect on the supply chain and what steps businesses need to take to become compliant.

Business Continuity Management 2022
In this article, we take a look at the current state of business continuity management to see if our predictions came true. Then, we look into our crystal ball and share our predictions for the next 10 years.